Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8abfd403cc...99.exe

windows7-x64

7

8abfd403cc...99.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    08/05/2024, 07:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8abfd403cc7f839963eaa085ba2bf55f3df5f482fb2c0896caf38bcd62120b99.exe

  • Size

    5.7MB

  • MD5

    54da90282e7b2fa9c1cf20fbbe3f0625

  • SHA1

    732614d5489d69df97b74e5a53c136a85f91b857

  • SHA256

    8abfd403cc7f839963eaa085ba2bf55f3df5f482fb2c0896caf38bcd62120b99

  • SHA512

    e8ca340b6458622bd2928e112a3f2e70a2c470725f9d43914d4560cb10abb7d6cfac9b3b0f78842a43389c781f34043980aa72da14cc8e9dc52b8f93782141ff

  • SSDEEP

    49152:0Pv94AEsKU8ggw1g+1CART5eBiyKS3EI3wybn20DCYIHvc8ixuZm9+fWsw6dTPBm:yKUgTH2M2m9UMpu1QfLczqssnKSh

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1228
      • C:\Users\Admin\AppData\Local\Temp\8abfd403cc7f839963eaa085ba2bf55f3df5f482fb2c0896caf38bcd62120b99.exe
        "C:\Users\Admin\AppData\Local\Temp\8abfd403cc7f839963eaa085ba2bf55f3df5f482fb2c0896caf38bcd62120b99.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:2076
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\$$a23B6.bat
          3⤵
          • Deletes itself
          • Loads dropped DLL
          PID:1756
          • C:\Users\Admin\AppData\Local\Temp\8abfd403cc7f839963eaa085ba2bf55f3df5f482fb2c0896caf38bcd62120b99.exe
            "C:\Users\Admin\AppData\Local\Temp\8abfd403cc7f839963eaa085ba2bf55f3df5f482fb2c0896caf38bcd62120b99.exe"
            4⤵
            • Executes dropped EXE
            PID:2688
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2172
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2956
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2680

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
        Filesize

        252KB

        MD5

        8d1917f237658b1fc24316320e062aea

        SHA1

        34d8e8255e61312faacf4ccc8eb3bc5805bc447a

        SHA256

        949bd266dca986ead5011302e73fc29c14e1aad133d1faed2e8838df2755e123

        SHA512

        a4f6ffc607081626c8ab97f4651c9e0db5ae7ac8d21b662060625acd77118745850946ed78d1508a030f54193ec906b545477c570e086c6cebd56cd65413a54f

        Download Submit

      • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
        Filesize

        472KB

        MD5

        88eb1bca8c399bc3f46e99cdde2f047e

        SHA1

        55fafbceb011e1af2edced978686a90971bd95f2

        SHA256

        42fd78c05bc240d4ded16ac974f17c336f6ae3a1814d548021c48a942cc30428

        SHA512

        149d4de0c024e25a13a7bb17471e6f48391d4f26b1c8388672320eed1c255f84219ad7b72bbebc531ae558d5192dd4bb6d0dddd6c65a45300c8e8348a4fb3728

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\$$a23B6.bat
        Filesize

        722B

        MD5

        2ecdd710428f475504c095c0425b150a

        SHA1

        900d7d006c6607ffb66b493ca51cba56ca1d20a1

        SHA256

        bb8b68e18d9d54d5d298fcbbdc4cccee932f6faec2f5f615f6f6cc100776d0f8

        SHA512

        52d69d54525129d8fc1ea1b2c781d179aad24c5dc746fb1662ea9c670a42556e9665d84e0329a91071bdb597aee27e8077e30987a34ca5f881886b135049bee0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\8abfd403cc7f839963eaa085ba2bf55f3df5f482fb2c0896caf38bcd62120b99.exe.exe
        Filesize

        5.7MB

        MD5

        c596c3539f619ec76f36741933da5bed

        SHA1

        b3243f0ee893528f0ccd71700ca9970def6670b5

        SHA256

        bb9f95d1b280c1ec9ae27cf564bbb1b485e2d721d44b3288a9a43c07517e38de

        SHA512

        e6e9bd571f8a74b0d2f1a88f9c90fbf10a2150cda55cd4ad6f9a37e0c4a957a175ecb8adf17822331e6cb83bac6fec5bdc2fc87fdb5bc2bfa46ad7dac4df31d2

        Download Submit

      • C:\Windows\Logo1_.exe
        Filesize

        27KB

        MD5

        151e98c05a995884a3f5fe2077409a99

        SHA1

        e7379083dd24f1dc62d41698f86a805db837e929

        SHA256

        e3cdf680322b8ce4451e5bac81f4403fabef6cc7c33d7ca23eb55564656e2413

        SHA512

        108ce79cd432c17c4bba84878e95f1d0c38ab8546356d4e2f75eba182a145449969b602b183158f56b8ff08a7c4cbc0811fb21e07268fe9a47eaeb442737105b

        Download Submit

      • F:\$RECYCLE.BIN\S-1-5-21-2721934792-624042501-2768869379-1000\_desktop.ini
        Filesize

        8B

        MD5

        ec89b9cba2f5e7b9394fdd901d6c3977

        SHA1

        63b0db3abcd08b863a9a3944799b41efa264db40

        SHA256

        2b4efa4e113d3044c8e47f59a7b75225cc7736c2fa28f9e52949b9441f3d77ca

        SHA512

        901f7d44754e59fba0b1b90341927744f670463f4d18e2694617f74fe4e3f456e9088530bccc16e758fc67a23f91380a3655121ba911e8ff5173f3ac4cb0f1d2

        Download Submit

      • memory/1228-31-0x0000000002560000-0x0000000002561000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2076-15-0x0000000000440000-0x0000000000475000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2076-0-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2076-17-0x0000000000440000-0x0000000000475000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2076-18-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2172-20-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2172-33-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2172-40-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2172-46-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2172-92-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2172-98-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2172-872-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2172-1851-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download

      • memory/2172-3310-0x0000000000400000-0x0000000000435000-memory.dmp

        Filesize

        212KB

        Download